RV220W Access Rules Failing - Requests Answered By Firewall

Similar Messages

• RV220W access rules (related to wireless deactivation)

  I would like to find a workaround in order to have an "advanced SSID scheduler" to activate wireless connections at different times depending on the day. There currently is only one single setting available, which activates a wireless network at the same time every single day, 365 days/year... Even on weekends and during the holidays.
  I actually managed to program an access rule to slightly modify this behaviour, but I can't manage to disable the signal completely, and connections are still active (on specific applications, at least), which is a real issue to me.
  This is the access rule I have currently set:
  Connection type: Outbound
  Action: Block by schedule (using a different schedule than the one set on the basic wireless settings)
  Service: Any
  Source IP: Address range (all the devices I want to control with the rule)
  Destination IP: Any
  This rule works, but when the "off" time triggers, if a device was connected on facebook Messenger or on Skype, it will keep the connection and not lose it as expected. Actually, facebook Messenger will still accept incoming messages, but won’t send outgoing messages.
  Of course, I’d like to make sure the wireless signal is completely blocked...
  Any suggestion?

  Update - I managed to get the firewall to pass the HTTPS requests by changing the remote management port to 60443 and changing the NAT rule from ANY to HTTP and adding access policies for the other ports. The problem now is that the firewall is not always passing SSH traffic.
  Intermittently the firewall accepts the SSH traffic intended to go to the xxx.xxx.xxx.219 on xxx.xxx.xxx.218.
  NAT:
  Private Range Begin: xxx.xxx.xxx.32
  Public Range Begin: xxx.xxx.xxx.219
  Range Length: 1 Service: HTTP
  ACL:
  Connection Type: Inbound > LAN
  Action: Always Allow
  Service: HTTPS
  Source IP: Any
  DNAT IP: xxx.xxx.xxx.32
  WAN IP Address: xxx.xxx.xxx.219
  Connection Type: Inbound > LAN
  Action: Always Allow
  Service: SSH
  Source IP: Any
  DNAT IP: xxx.xxx.xxx.32
  WAN IP Address: xxx.xxx.xxx.219
  I know that it is a bad idea to have SSH open on a public IP, but until I can get IPSEC VPN set up this is necessary. I'm not willing to start with the IPSEC setup until I can get the other rules to be stable.
  One nightmare at a time, please.

• Applying new access rules fails.

  Netware 6.5 SP6 BM 3.9
  Ok, new problem. I am trying to add some new access rules to the list in a particular container. When I have defined the rule and click apply I get the following message - Unknown system error. This doesnt happen on the other container which already has rules defined in it. Are the rules from the higher level container being propogated down the tree as I assumed they would be ?
  ---treename 2 explicit deny rules for the whole company
  ------it This container to be exempt. cant add rule to allow all.
  ------helpdesk
  ------etc
  Another aside seems to be that even though "Enforce Access Rules" is always on sometimes the rules do not work and sometimes they do.
  Any help much appreciated.

  JeffSheehan,
  It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com/ to search the knowledgebase and check the other support options available on that page under "Self Support" and "Support Programs".
  - You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)
  If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• RV220W - port redirection/access rules with multiple WAN IPs

  I've just installed a Cisco RV220W - which works fine for outbound traffic, however for inbound it seems unable to work with multiple WAN IPs.
  We have a block of 6 WAN IPs assigned to us by our ISP, and I want to make use of all of them to expose certain ports on our servers to the outside world.
  I've tried to do this with Access Rules (using HTTP as an example) with the following settings:
  Connection Type: Inbound (WAN (Internet) > LAN (Local Network))
  Action: Always Allow
  Service: HTTP
  Source IP: Single Address
  Start: <one of the WAN IPs>
  Send to Local Server (DNAT IP): <IP of the internal server>
  Use Other WAN (Internet) IP Address: disabled
  Rule Status: Enabled
  Yet the server/port remains inaccessible.
  I've tried:
  rebooting the server with a power off/on again
  implementing the same settings in port forwarding
  triple-checking all IP addresses being used
  The only way I've got it working is by changing the access rule so that it applies to any source address rather than one specific one...  however that's not a solution for us as we need to use specific IP addresses for specific internal servers/ports.
  The router's admin interface certainly suggests this should be possible, however making use of it seems to break all incoming access!
  Any suggestions welcome.

  You should be using "ANY" as the source IP, as you are publishing your internal server to the internet and internet means the request comes from any source IP (you don't know what it is, so it will be any.
  Basically, you want any source IP to hit one of your WAN IPs on port 80, and then your firewall will redirect that request to the internal server's private IP address on same port 80. And when the response comes back from the internal server, the firewall will already have this translate entry in it so the reverse NAT will happen (you don't need configure this, it is default firewall feature).
  I hope I have answered your question well.
  Please mark as correct if you like the response.
  Thanks

• Failed to update server firewall rules

  Hi 
  I have a problem with the SQL firewall. Unfortunately, I can not add IP address. It always comes this error when saving: Failed to update server firewall rules 
  How can I change this? I need to change this setting so that I can work again. Unfortunately, I do not want to help the Support of Microsoft !!

  Hi,
  To configure your firewall, you create firewall rules that specify ranges of acceptable IP addresses. You can create firewall rules at the
  server and database levels.
  Server-level firewall rules: These rules enable clients to access your entire Azure SQL Database server, that is, all the databases within the same logical server. These rules are stored in the
  master database.
  Database-level firewall rules: These rules enable clients to access individual databases within your Azure SQL Database server. These rules are created per database and are stored in the individual databases (including
  master). These rules can be helpful in restricting access to certain (secure) databases within the same logical server.
  For additional information check this below link
  http://msdn.microsoft.com/en-us/library/azure/ee621782.aspx
  http://social.technet.microsoft.com/wiki/contents/articles/2677.windows-azure-sql-database-firewall-en-us.aspx
  http://social.msdn.microsoft.com/Forums/azure/en-US/ea128f00-8a94-4ace-88ff-d7095ff60c1a/cannot-change-firewall-setting-for-sql-azure-after-ip-change?forum=ssdsgetstarted
  Girish Prajwal

• Inactive firewall access rule can still work?

  Hi all,
  I have a asa firewall which has a inactive access rule whose enabled checkbox is not checked. However it seem that this access rule can still work.
  Hence i would like to know what is the difference in having the access rule's enabled checkbox check or uncheck. Pls advise, thks in advance.

  I'm assuming by rule you mean an inactive access-list entry?  If so, did you try clearing the translations (clear xlate) after disabling it?
  Try running packet-tracer to determine if that is the rule that the traffic is hitting.

• Firewall Access Rules do not work on One to One NAT (RV042G Router)

  I have two unique IP addresses, two servers, and one RV042G router. 
  What I would like to do is have each IP address go to it's own respective server. To do that, I've set the settings on One-to-One NAT to make this happen. Now IP address 1 points to server A and IP address 2 points to server B.
  However, I only want port 80 to be open to each server. I've tried setting the Firewall access rules to accommodate this but it doesn't appear to block anything. All ports on the servers are exposed despite the firewall rules.
  Here's what I have in the router configuration:
  Under One-to-One NAT:
  {internal IP address 1} => {external IP address 1}
  {internal IP address 2} => {external IP address 2}
  Under Firewall Access Rules:
  Action | Service | Source Interface | Source | Destination | Time
  Allow | HTTP Secondary 80 | WAN1 | Any | {internal IP address 1} | Always
  Deny | All Traffic | WAN1 | Any | Any | Always
  Is there a proper way to accomplish what I want?

  Thanks for replying. 
  Turns out I had to add new access rules to specifically deny all traffic to the internal addresses, in addition to the rule allowing the specified ports through.
  So, with the IP addresses still defined the same way in the One-to-One NAT section, I now have the following rules defined in the firewall section:
  Under Firewall Access Rules:
  Priority | Action | Service | Source Interface | Source | Destination | Time
  [1] | Allow | HTTP Secondary 80 | ANY | Any | {internal IP address 1} | Always
  [2] Deny | All Traffic | WAN1 | Any | { internal IP address 1 } | Always <== the new one I ended up adding
  (default) | Deny | All Traffic | WAN1 | Any | Any | Always <== built in default rule in router
  I originally did not add the second rule because I had assumed that the default deny rule would block all traffic to all internal IP addresses anyway. Perhaps someone can correct me if I'm wrong but I am now assuming that the default deny rule applies to the router only and not to any other defined One-to-One NAT entries. In which case, I had to add another rule that duplicates the default deny rule but for each 1:1 NAT entry.
  If this was already in the manual, I probably missed it so that would be my own mistake. Still, I wish this was more apparent in the web GUI as it didn't really specify that I had to do this.
  In any case, I hope my solution helps anyone else in the future having this similar issue.

• RV220W - Scheduled Access Rules

  I have an RV220W managing my home/home office network. Since it is summer time and my kids have a lot of free time on their hands, I have established some Scheduled Access Rules to regulate their online activities. The rules are set up as scheduled blocks (my basic rule is allow all) and they were created using the schedule manager and the access rules wizard. For some reason that escapes me, the router engages the block just fine. But when the time rolls around to allow access (or I manually disable the rule), nothing changes on the network until I reboot the router. This routine gets old, fast. Am I doing something wrong?

  Naresh,
  I have read through all of the documentation (print and online) forwards and backwards. Let me reiterate what is happening:
  I have an RV220W (latest firmware) attached to my Comcast Business Class cable modem.
  The cable modem is in bridge mode.
  My default Outbound Policy is ALLOW.
  I have a set of BLOCK BY SCHEDULE rules for controlling access to Minecraft game servers (port 25565) at three different times a day. Using ALLOW BY SCHEDULE is pointless as the DEFAULT OUTBOUND POLICY overrides this.
  If I disable one of the rules while it is active, it's deactivation does not take effect unless I reboot the RV220W. If the time schedule lapses, the block is still in force.
  That is not the way it is supposed to work.

• ASA 5505, error in Access Rule

  Hello.
  Tha ASA 5505 is working, but I try to allow http and https from internet to a server running 2012 Essentials. The server has the internal IP 192.168.0.100. I have created an Object called SERVER with IP 192.168.0.100
  The outside Interface is called ICE
  I have configured NAT:
  I have also configured Access Rules:
  But when I test it With the Packet Tracer I get an error:
  Whats wrong With the Access Rule?
  I do prefer the ASDM :)
  Best regards Andreas

  Hello Jeevak.
  This is the running config (Vlan 13 (Interface ICE) is the one in use:
  domain-name DOMAIN.local
  names
  name 192.168.0.150 Server1 description SBS 2003 Server
  name 192.168.10.10 IP_ICE
  name x.x.x.0 outside-network
  name x.x.x.7 IP_outside
  name 192.168.0.100 SERVER description Hovedserver
  interface Vlan1
   nameif inside
   security-level 100
   ip address 192.168.0.1 255.255.255.0
  interface Vlan2
   description Direct Connect
   backup interface Vlan13
   nameif outside
   security-level 0
   pppoe client vpdn group PPPoE_DirectConnect
   ip address pppoe
  interface Vlan3
   description Gjestenettet
   nameif dmz
   security-level 50
   ip address 10.0.0.1 255.255.255.0
  interface Vlan13
   description Backupnett ICE
   nameif ICE
   security-level 0
   ip address IP_ICE 255.255.255.0
  interface Vlan23
   description
   nameif USER
   security-level 50
   ip address 10.1.1.1 255.255.255.0
  interface Ethernet0/0
   switchport access vlan 2
  interface Ethernet0/1
   switchport access vlan 13
  interface Ethernet0/2
   switchport access vlan 23
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
   switchport access vlan 3
  interface Ethernet0/7
   switchport access vlan 3
  ftp mode passive
  clock timezone CEST 1
  clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
  dns domain-lookup dmz
  dns server-group DefaultDNS
   domain-name DOMAIN.local
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  access-list outside_access_in extended permit tcp any host IP_outside eq https
  access-list outside_access_in extended permit tcp any host IP_outside eq www
  access-list outside_access_in extended permit icmp any host IP_outside echo-reply
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list DOMAINVPN_splitTunnelAcl standard permit any
  access-list inside_nat0_outbound extended permit ip any 192.168.0.192 255.255.255.192
  access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.0.192 255.255.255.192
  access-list DOMAIN_VPN_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
  access-list ICE_access_in extended permit tcp any host IP_ICE eq https
  access-list ICE_access_in extended permit tcp any host IP_ICE eq www
  access-list ICE_access_in extended permit icmp any host IP_ICE echo-reply
  access-list ICE_access_in remark For RWW
  access-list ICE_access_in remark For RWW
  access-list USER_access_in extended permit ip any any
  pager lines 24
  logging enable
  logging asdm warnings
  mtu inside 1500
  mtu outside 1500
  mtu dmz 1500
  mtu ICE 1500
  mtu USER 1500
  ip local pool VPNPool 192.168.10.210-192.168.10.225 mask 255.255.255.0
  no failover
  monitor-interface inside
  monitor-interface outside
  monitor-interface dmz
  monitor-interface ICE
  monitor-interface USER
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit outside-network 255.255.255.0 outside
  icmp permit 192.168.10.0 255.255.255.0 ICE
  asdm image disk0:/asdm-524.bin
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  global (ICE) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound
  nat (inside) 1 0.0.0.0 0.0.0.0
  nat (dmz) 1 10.0.0.0 255.255.255.0
  nat (USER) 1 10.1.1.0 255.255.255.0
  static (inside,ICE) tcp interface www SERVER www netmask 255.255.255.255
  static (inside,outside) tcp interface www SERVER www netmask 255.255.255.255
  static (inside,ICE) tcp interface https SERVER https netmask 255.255.255.255
  static (inside,outside) tcp interface https SERVER https netmask 255.255.255.255
  access-group outside_access_in in interface outside
  access-group ICE_access_in in interface ICE
  access-group USER_access_in in interface USER
  route outside 0.0.0.0 0.0.0.0 x.x.x.1 1 track 123
  route ICE 0.0.0.0 0.0.0.0 192.168.10.1 254
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  http server enable
  http 192.168.0.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  sla monitor 1
   type echo protocol ipIcmpEcho x.x.x.1 interface outside
   num-packets 3
   frequency 10
  sla monitor schedule 1 life forever start-time now
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto dynamic-map outside_dyn_map 20 set pfs group1
  crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
  crypto dynamic-map outside_dyn_map 40 set pfs group1
  crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
  crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 10
   authentication pre-share
   encryption 3des
   hash sha
   group 2
   lifetime 86400
  track 123 rtr 1 reachability
  no vpn-addr-assign local
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  management-access inside
  dhcpd auto_config outside
  dhcpd address 10.0.0.10-10.0.0.39 dmz
  dhcpd dns y.y.y.2 z.z.z.z interface dmz
  dhcpd lease 6000 interface dmz
  dhcpd enable dmz
  dhcpd address 10.1.1.100-10.1.1.120 USER
  dhcpd dns y.y.y.2 z.z.z.z interface USER
  dhcpd lease 6000 interface USER
  dhcpd domain USER interface USER
  dhcpd enable USER
  ntp server 64.0.0.2 source outside
  group-policy DOMAIN_VPN internal
  group-policy DOMAIN_VPN attributes
   dns-server value 192.168.0.150
   vpn-tunnel-protocol IPSec
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list value DOMAIN_VPN_splitTunnelAcl
   default-domain value DOMAIN.local
  class-map inspection_default
   match default-inspection-traffic
  class-map imblock
   match any
  class-map P2P
   match port tcp eq www
  policy-map type inspect dns preset_dns_map
   parameters
    message-length maximum 512
  policy-map type inspect im impolicy
   parameters
   match protocol msn-im yahoo-im
    drop-connection log
  policy-map global_policy
   class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect pptp
  policy-map type inspect http P2P_HTTP
   parameters
   match request uri regex _default_gator
    drop-connection log
   match request uri regex _default_x-kazaa-network
    drop-connection log
   match request uri regex _default_msn-messenger
    drop-connection log
   match request uri regex _default_gnu-http-tunnel_arg
    drop-connection log
  policy-map IM_P2P
   class imblock
    inspect im impolicy
   class P2P
    inspect http P2P_HTTP
  service-policy global_policy global
  service-policy IM_P2P interface inside
  prompt hostname context
  : end
  asdm image disk0:/asdm-524.bin
  asdm location Server1 255.255.255.255 inside
  asdm location IP_ICE 255.255.255.255 inside
  asdm location outside-network 255.255.255.0 inside
  asdm location SERVER 255.255.255.255 inside
  no asdm history enable
  What is wrong? Everything Works well except port forwarding.
  Andreas

• High memory usage and error creating access rules

  Hi guys
  I'm having a problem with the memory and also trying to create some rules on the CISCO ASA. The version that I got installed was the 8.2.5.33 on a CISCO 5520 with 512 RAM, the memory usage is on 99% used, 1% free and because of that when I'm trying to create a new rule the firewall brings me the next error
  So what I did was a downgrade to the version 8.2 (4) 4 and the memory went down a little (82% used, 18% free) but I still got the error when I'm creating an access rule on the device. One thing and I'm not sure if this could affect on the performance are the number of access list and the object groups that are created.
  I already open a case with CISCO TAC and they are checking if the problem is with the memory capacity or maybe a memory leak.
  Also the doubt that I got is with the memory that I got now available should I can create access rules or 82 is still to hig to create a rule or and object group?
  Regards

  Hi,
  Can you check what is the amount of ACEs you have on the ACLs in use?
  I think if you use the command "show access-list " the first line should give you the total amount of ACEs in the ACL
  - Jouni

• Error while accessing ESS Loan Request.

  Hi Experts,
  While accessing ESS Loan request for Country grouping 40 India am getting below mentioned error saying that 500 Internal Server Error.
  I have maintained the settings for Leave request and maintained Infotype 45 Loans for employee.
  But it is giving the below mentioned error.
  500   Internal Server Error
    SAP NetWeaver Application Server 7.00/Java AS 7.00 
  Failed to process request. Please contact your system administrator.
  [Hide]
  Error Summary
  While processing the current request, an exception occured which could not be handled by the application or the framework.
  If the information contained on this page doesn't help you to find and correct the cause of the problem, please contact your system administrator. To facilitate analysis of the problem, keep a copy of this error page. Hint: Most browsers allow to select all content, copy it and then paste it into an empty document (e.g. email or simple text file).
  Root Cause
  The initial exception that caused the request to fail, was:
     com.sap.dictionary.runtime.DdException: Type com.sap.model.loan.types.Extdl does not exist
      at com.sap.dictionary.types.mdi.util.ProviderUtil.createAbapTypeXmlMap(ProviderUtil.java:400)
      at com.sap.dictionary.runtime.mdi.DataProvider.createSimpleTypeFromAbapType(DataProvider.java:596)
      at com.sap.dictionary.runtime.mdi.DataProvider.getDataType(DataProvider.java:296)
      at com.sap.dictionary.runtime.DdDictionary.getDataType(DdDictionary.java:94)
      at com.sap.dictionary.runtime.DdBroker.getDataType(DdBroker.java:164)
      ... 74 more
  See full exception chain for details.
  System Environment
  Client
  Web Dynpro Client Type HTML Client
  User agent Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)
  Version null
  DOM version null
  Client Type msie8
  Client Type Profile ie6
  ActiveX enabled
  Cookies enabled
  Frames enabled
  Java Applets enabled
  JavaScript enabled
  Tables enabled
  VB Script enabled
  Server
  Web Dynpro Runtime Vendor: SAP, build ID: 7.0205.20100813133935.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:28:44[UTC], changelist=91834, host=pwdfm256), build date: Fri Feb 11 16:31:03 IST 2011
  J2EE Engine 7.02 PatchLevel 91789.
  Java VM Java HotSpot(TM) 64-Bit Server VM, version:1.4.2_28-b03, vendor: Sun Microsystems Inc.
  Operating system Windows Server 2008 R2, version: 6.1, architecture: amd64
  Session & Other
  Session Locale en_US
  Time of Failure Fri Feb 18 11:17:24 IST 2011 (Java Time: 1298008044828)
  Web Dynpro Code Generation Infos
  sap.com/pb
  SapDictionaryGenerationCore 7.0205.20100813133727.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:18:36[UTC], changelist=91776, host=PWDFM256.wdf.sap.corp)
  SapDictionaryGenerationTemplates 7.0205.20100813133727.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:18:40[UTC], changelist=91776, host=PWDFM256.wdf.sap.corp)
  SapGenerationFrameworkCore 7.0205.20100813133737.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:08:53[UTC], changelist=91781, host=PWDFM256.wdf.sap.corp)
  SapIdeWebDynproCheckLayer 7.0205.20100813133926.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:22:53[UTC], changelist=91832, host=PWDFM256.wdf.sap.corp)
  SapMetamodelCommon 7.0205.20100813133815.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:09:28[UTC], changelist=91800, host=PWDFM256.wdf.sap.corp)
  SapMetamodelCore 7.0205.20100813133815.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:09:25[UTC], changelist=91800, host=PWDFM256.wdf.sap.corp)
  SapMetamodelDictionary 7.0205.20100813133729.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:16:20[UTC], changelist=91777, host=PWDFM256.wdf.sap.corp)
  SapMetamodelWebDynpro 7.0205.20100813133929.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:20:37[UTC], changelist=91833, host=PWDFM256.wdf.sap.corp)
  SapWebDynproGenerationCTemplates 7.0205.20100813133935.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:30:09[UTC], changelist=91834, host=pwdfm256)
  SapWebDynproGenerationCore 7.0205.20100813133926.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:22:57[UTC], changelist=91832, host=PWDFM256.wdf.sap.corp)
  SapWebDynproGenerationTemplates 7.0205.20100813133935.0000 (release=NW702_05_REL, buildtime=2010-09-13:15:30:09[UTC], changelist=91834, host=pwdfm256)
  Detailed Error Information
  Detailed Exception Chain
  com.sap.tc.webdynpro.services.exceptions.TypeNotFoundException: type com.sap.model.loan.types.Extdl could not be loaded: com.sap.dictionary.runtime.DdException: Type com.sap.model.loan.types.Extdl does not exist
       at com.sap.tc.webdynpro.services.datatypes.core.DataTypeBroker.getSimpleType(DataTypeBroker.java:268)
       at com.sap.tc.webdynpro.services.datatypes.core.DataTypeBroker.getDataType(DataTypeBroker.java:231)
       at com.sap.tc.webdynpro.progmodel.context.DataAttributeInfo.init(DataAttributeInfo.java:318)
       at com.sap.tc.webdynpro.progmodel.context.NodeInfo.initUnmappedAttributes(NodeInfo.java:687)
       at com.sap.tc.webdynpro.progmodel.context.DataNodeInfo.doInit(DataNodeInfo.java:238)
       at com.sap.tc.webdynpro.progmodel.context.NodeInfo.init(NodeInfo.java:671)
       at com.sap.tc.webdynpro.progmodel.context.NodeInfo.init(NodeInfo.java:674)
       at com.sap.tc.webdynpro.progmodel.context.Context.init(Context.java:40)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:199)
       at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
       at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.createComponent(ClientComponent.java:940)
       at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.createComponent(ClientComponent.java:177)
       at com.sap.tc.webdynpro.progmodel.components.ComponentUsage.createComponentInternal(ComponentUsage.java:149)
       at com.sap.tc.webdynpro.progmodel.components.ComponentUsage.createComponent(ComponentUsage.java:141)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent$ComponentUsageManager.createBLCComponentUsage(FPMComponent.java:761)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPM.attachComponentToUsage(FPMComponent.java:920)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPM.attachComponentToUsage(FPMComponent.java:891)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPMProxy.attachComponentToUsage(FPMComponent.java:1084)
       at com.sap.ess.in.loan.overview.VcOverviewESS.onInit(VcOverviewESS.java:244)
       at com.sap.ess.in.loan.overview.wdp.InternalVcOverviewESS.onInit(InternalVcOverviewESS.java:611)
       at com.sap.ess.in.loan.overview.VcOverviewESSInterface.onInit(VcOverviewESSInterface.java:162)
       at com.sap.ess.in.loan.overview.wdp.InternalVcOverviewESSInterface.onInit(InternalVcOverviewESSInterface.java:144)
       at com.sap.ess.in.loan.overview.wdp.InternalVcOverviewESSInterface$External.onInit(InternalVcOverviewESSInterface.java:220)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.doProcessEvent(FPMComponent.java:564)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.doEventLoop(FPMComponent.java:438)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.wdDoInit(FPMComponent.java:196)
       at com.sap.pcuigp.xssfpm.wd.wdp.InternalFPMComponent.wdDoInit(InternalFPMComponent.java:110)
       at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
       at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
       at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:783)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:303)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:761)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:696)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
       at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
       at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73)
       at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProxy.java:876)
       at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.create(AbstractApplicationProxy.java:222)
       at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1355)
       at com.sap.portal.pb.PageBuilder.createPage(PageBuilder.java:357)
       at com.sap.portal.pb.PageBuilder.init(PageBuilder.java:551)
       at com.sap.portal.pb.PageBuilder.wdDoRefresh(PageBuilder.java:597)
       at com.sap.portal.pb.PageBuilder$1.doPhase(PageBuilder.java:870)
       at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processPhaseListener(WindowPhaseModel.java:755)
       at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doPortalDispatch(WindowPhaseModel.java:717)
       at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:136)
       at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
       at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:333)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:712)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
       at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
       at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
       at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
  Caused by: com.sap.dictionary.runtime.DdException: Type com.sap.model.loan.types.Extdl does not exist
       at com.sap.dictionary.types.mdi.util.ProviderUtil.createAbapTypeXmlMap(ProviderUtil.java:400)
       at com.sap.dictionary.runtime.mdi.DataProvider.createSimpleTypeFromAbapType(DataProvider.java:596)
       at com.sap.dictionary.runtime.mdi.DataProvider.getDataType(DataProvider.java:296)
       at com.sap.dictionary.runtime.DdDictionary.getDataType(DdDictionary.java:94)
       at com.sap.dictionary.runtime.DdBroker.getDataType(DdBroker.java:164)
       at com.sap.dictionary.runtime.DdBroker.getSimpleType(DdBroker.java:170)
       at com.sap.tc.webdynpro.services.datatypes.core.DataTypeBroker.getSimpleType(DataTypeBroker.java:260)
       ... 72 more
  Please suggest me the solution for this.
  Regards,
  Ksanj.

  Please   check that the ESS/ERP packages fit together according to
  the page
  https://wiki.sdn.sap.com/wiki/display/ERPHCM/HOWTOGETRIDOFSPSTACK+
  MISMATCH+ISSUES
  Please check again the componentinfo and the SPlevels of the testlandsca
  pe, that the same level is used on the prod landscape.
  So ensure you are on correct levels!

• Making a REST webservice call. Error code: 401 Access to the requested resource is not allowed

  Hi All,
  I’m having a hard time figuring out how to make Rest WebService calls.
  I tried executing this directly through browser and I get an error.
  http:localhost:8080/rest/bean/atg/userprofiling/ProfileServices/loginUser?arg1=[email protected]&arg2=Password
  13:18:20,613 ERROR [RestSecurityServlet] Error code: 401
  Access to the requested resource is not allowed: /atg/userprofiling/ProfileServices
  atg.rest.RestException: Access to the requested resource is not allowed: /atg/userprofiling/ProfileServices
  at atg.rest.processor.RestSecurityProcessor.checkAccess(RestSecurityProcessor.java:546)
  at atg.rest.processor.RestSecurityProcessor.handleGetRequest(RestSecurityProcessor.java:313)
  at atg.rest.processor.RestSecurityProcessor.doRESTGet(RestSecurityProcessor.java:199)
  at atg.rest.servlet.RestPipelineServlet.serviceRESTRequest(RestPipelineServlet.java:417)
  at atg.rest.servlet.RestPipelineServlet.service(RestPipelineServlet.java:260)
  at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)
  at atg.servlet.pipeline.PipelineableServletImpl.service(PipelineableServletImpl.java:320)
  at atg.rest.servlet.RestPipelineServlet.service(RestPipelineServlet.java:264)
  at atg.rest.servlet.HeadRestServlet.service(HeadRestServlet.java:130)
  at atg.servlet.pipeline.PipelineableServletImpl.service(PipelineableServletImpl.java:267)
  From the documentation I understand that I need to create a session, is the session only necessary to access secured components since this
  particular method “ProfileServices.loginUser “ has been declared as not secure in restSecurityConfiguration.xml
  Also, are there two different ways in which I can log in
  1.       Using RestSession.createSession providing the username and password.
  2.       Or using ProfileServices.loginUser or ProfileFormHandler
    Can someone please clarify

  If you are invoking the REST web-service from a Java client then you can create a RestSession object using the createSession method. But in your case you seem to be invoking it with a HTTP request which by default would be treated as a GET request by ATG's REST implementation. Therefore being a GET, it would try to fetch a property "loginUser" from /atg/userprofiling/ProfileServices component (based on your URL) which would always fail.
  To invoke loginUser() method of ProfileServices with your passed argument you need to tell ATG's REST system to treat your incoming request not as GET but as a POST request which you can do using  atg-rest-http-method control parameter in your request like this
  http:localhost:8080/rest/bean/atg/userprofiling/ProfileServices/loginUser?arg1=[email protected]&arg2=Password&atg-rest-http-method=POST
  It should work this way provided your restSecurityConfiguration.xml is proper.

• Cluster Setup Support Rules fails with Warnings

  Hi,
  I'm in the process of installing our ECC production server in a clustered environment on windows server 2008 with SQL server 2008 as our database.
  The MSCS cluster at the OS level has been configured successfully. When I start the SQL server installation as mentioned in the installation guide, the Setup Support Rules fails with following warnings.
  1. The setup support file prompts me to set the MSDTC service as a clustered one but it was not mentioned anywhere in the installation guide that the MSDTC service needs to be clustered. Do I need to cluster that service with seperate network ip address and cluster group ?
  2. The Network binding order issues a warning even though the adapters are set up in the right order as mentioned in the installation guide.
  3. Eventhough there is a internet connectivity available in the server, the "Microsoft .Net Application Security" check issues a warning.
  NB: As per the cluster validation report, the clustering at the OS level seems to be fine.
  Please provide me your valuable suggestions to rectify these warnings. Can I ignore these warnings and proceed with the installation of SQL Server ?
  Regards,
  Varadharajan M

  Hi,
  Microsoft Distributed Transaction Coordinator
  Is is user by older versions of Mssql database.
  From a SAP perspective you don't need this service.
  You can ignore setup request for this service.
  As per the reply, I understand that the MSDTC service is not mandatory to cluster in Windows Server 2008/MS SQL Server 2008. But when i try to install the SQL DB, the Set support rule ends up with warnings saying that the MSDTC service should be clustered. Can I ignore the warnings and proceed with the installation. Can anyone confirm this please ?
  Also please confirm whether we need to have the db cluster group in the DNS before initiating the SQL Server Set up.
  Regards,
  Varadharajan M

• RV082 Access Rules

  Good Day To All,
       We recently purchased a RV082 Firewall Router and I am having the headache of a lifetime with the access rules and port forwarding. I have read EVERY post possible and still cannot come to a conclusion of what I am doing wrong...
  First Question is the MAIL SERVER.. I could not get our email server to talk when setting this device to DMZ so for the time being I put it on LAN2 and attempted to set up an access rule Port 25 to the IP of the mail server. NO GO.. I had to port forward or it would not work.
  Now I want to deny access on port 25 over WAN1 201.X.X.108 but allow access over port 25 on WAN2 201.X.X.109 and this is where it's a NO GO. It doesnt matter what order I put the rules in, its still a no go. Furthermore if I take out the port forward 25 and put in the rules to allow ANY source to reach 25 on the mail server it ALSO does not work...
  This is what I have now and I can still access the email server on EITHER WAN address. I have tried to specifically DENY WAN1 but still no luck.
  FORWARD:
  PORT 25 to 192.168.0.221 is ENABLED
  ACCESS RULES: (in this order)
  ACTION: ALLOW
  SERVICE: SMTP:25
  SOURCE INTERFACE: WAN2
  SOURCE: ANY
  DESTINATION: 192.168.0.221
  TIME: ALWAYS
  ACTION: ALLOW
  SERVICE: SMTP:25
  SOURCE INTERFACE: LAN
  SOURCE: 192.168.0.221
  DESTINATION: ANY
  TIME: ALWAYS
  ACTION: DENY
  SERVICE: SMTP:25
  SOURCE INTERFACE: ANY
  SOURCE: ANY
  DESTINATION: ANY
  TIME: ALWAYS
  Now Second Question is pretty much the same but with SSH on port 22. I did this as a test and enabled SSH to the mail server.
  FORWARD:
  NOTHING SET
  ACTION: ALLOW
  SERVICE: SSH:22
  SOURCE INTERFACE: ANY
  SOURCE: ANY
  DESTINATION: 192.168.0.221
  TIME: ALWAYS
  Why would this not work? The ONLY was I can get an SSH:22 to work is if I port forward it and then the access rule when set to DENY ALL it still allows it on both WAN1 and WAN2...
  CONFUSED!
  HELP!
  PLEASE!
  The Screen shot was my last attempt at making SSH work...

  Esentially what I am trying to accomplish is to NOT have the port forward set. But in every case so far it seems as if the access rules DO NOT WORK at all.
  Even if I set SSH:22 to port forward and set a firewall rule to DENY ANY ANY ANY to ANY I can still SSH to the box

• My Router Access Rule is getting deleted

  Hello,
  I set up an xbox360 with a static IP address on my home network.  My firewall is set to maximum and I need to set up some access rules for xbox live.  This was not difficult but what I've found is that after a few days the access rule is suddenly absent from the list (but the port forwarding rule remains).  why is this occurring?  This is an Actiontec router from Verizon.  
  Thanks

  Make sure to change the control password of the router, if you have not already.
  Look in the router in Advanced, for that setting.
  If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.